More On Michael ParisSaturday, 28 August 1999Last Updated Saturday, 22 November 2008

Please Note: This information applies only to Michael Scott Paris of Dover, New Hampshire,not to any other person (and there are quite a few) named Michael Paris.I'm aware of at least one case of mistaken identity, and hope readers ofthis material won't allow it to affect their opinion of any other personthey know by the same or similar name.

In December of 1998, I exchanged several emails with
"Scott Davis." His lengthy diatribes contained numerous
false and inaccurate statements, and conveyed threats of legal
action against me for my truthful
exposure of the Lockdown product and its advertising. In these emails, "Davis" posed as an
attorney and a satisfied user of Lockdown who had been taken into
the confidence of the operators of Harbor Telco. The frequent
misspellings and obviously poor comprehension of legalese made it
clear he was not who he claimed. At the time, I believed the
author was a principal of Harbor Telco, one Roger LeClerc. But I
have since established firmly that none other than Michael Paris
was the writer, by comparing headers of the emails I received
with those sent to another person by "Scott Davis" --
in which Paris reveals his actual identity. The origin was
identical.

Paris sometimes claims he dropped InVircible because he
realized the product was a poor one; but the software's developer says he was canned by
the company after a dispute in which he was accused
of bootlegging its software.

Paris has claimed that he was consulted for one
of the bad reviews InVircible received, and that this
involvement precipitated his conflict with the company's owner, Zvi
Netiv. But the writer of that review has told me he never
consulted with Michael Paris; in fact, the author says he'd never
been in any contact with Michael Paris until Paris sought him
out in December 1998, about 7 months after the review was
published in May; and that was of course long after Paris and
InVircible had had their falling-out. Paris' purpose for this
contact? An effort to damage and discredit Zvi Netiv and
InVircible.

When he lost the lucrative InVircible business, Paris turned
to "Hackerproof98."
Sold by Paris under the company name Byte
Tight Security, Hackerproof98 was a direct copy of a freeware
program created by a Dutch fellow named L. A. van der Hoogt.
Originally named NetWatcherPro,
it was basically a poor implementation of a pretty good idea: a
monitor for Windows file shares which would alert the user to
connections and disconnect unwanted users. According to van der
Hoogt, Paris made him "an offer I couldn't resist".

On its face, and assuming it worked, such a utility could be
handy for a limited number of users. Not very many people had a
real use for this, so realistically, it presented only modest
marketing prospects. Byte Tight engaged in a spam
campaign in the form of "security alerts" on the
subject of a "new" and supposedly widespread "gaping
Internet security hole" which was in fact a known file
sharing configuration error in some LAN-connected Windows
machines. It was an easily-solved
problem and affected only a very small percentage of Internet
users. Paris engaged the media. He variously claimed this "hole"
affected 60%, 80%, even ALL Internet-connected Win9x and NT
systems. Networking professionals knew
better and said so loudly.

That was July of 1998. Sales of Hackerproof98 had apparently
stopped short by late July or August when Paris and his partner
had a falling-out. Hackerproof98 didn't work and was in
disrepute. Worse, paid-for software was not delivered to
numerous customers (even though all they had to do was email the
buyer an unlock code!). Paris has since tried to claim
he was not involved in his partner's "premature release" of Hackerproof98, that it was a beta version, that it was all
perpetrated by his former (now disappeared) partner, etc. That partner, Eddie Davidson, may conceivably have
absconded with the funds as Paris says; but Michael Paris was involved in personally promoting Hackerproof98 and directing people to the very
website he now claims he did not sanction or control.

To escape the nasty reputation Hackerproof98 had so quickly
earned, the product's name was changed to Lockdown
2000 and a substantially identical sales campaign was resumed.
Paris posted a disclaimer on the Hackerproof98 site to redirect its traffic
to lockdown2000.com.

Sometime around October, Paris apparently snapped to the
widespread concern about remote-access trojans. Lockdown was
clumsily modified to sometimes spot ONE trojan (of the
many which were by then in circulation), the well-known Back
Orifice. Paris announced that Lockdown Version
2.0 now removed ALL trojans.

Parallels

There are close parallels between the sales tactics used to
market the InVircible antivirus application and those Paris now
uses to market Lockdown2000. One of the more obvious is the
unspecified "new generic technology" which is claimed
to be effective against all present and future threats. Those claims are subject to challenge.

Another parallel is Paris' efforts to
create an illusion of credibility through non-independent reviews. In 1995,
Paris reportedly paid one Paul Williams to produce a comparative
review of antivirus software which portrayed InVircible as
vastly superior to all other products -- using questionable "tests." No review exists anywhere by any
reputable professional which even approximates Mr. Williams'
results. Many excellent comparative reviews do exist, and they typically
show mediocre performance for InVircible, at best.

Similarly, In January of 1999, Paris persuaded a website
author, Demoniz
of the well-known security-related bikkel.com,
to write a favorable Lockdown review. It's unknown what he
offered in exchange. The Bikkel review, though never posted in
full, met with immediate protests from knowledgable readers.
Demoniz withdrew it entirely. No trace of anything to do with
Lockdown can be found on his website. In public, Demoniz refuses
to mention the matter. In emails, he has repeatedly stated to me
and to others that he was pressured by Paris and that he wants
nothing more to do with the subject. Demoniz said of his review:
"It wasn't accurate and never should be published."
But Paris continues, to this day, to prominently
proclaim Bikkel's endorsement on the Lockdown2000 website.
Inexplicably, Demoniz has not publicly objected to this misuse of
his name.

More recently, Paris has employed BHZ of net-security.org
to produce a favorable review of Lockdown2000. BHZ was repaid in
the form of free hosting of the net-security.org domain on the
harbortelco server. While BHZ has acknowledged the terms of this
deal in emails to me, he has refused to perform honest tests of
Lockdown and continues to maintain the review on his site. BHZ is apparently incapable
of any realistic technical assessment of the application.
Net-security.org is a news site, and except for Lockdown,
offers no software reviews; it consists primarily of brief
summaries of computer-security related news with links to other
sites.

As he was with InVircible, Paris is well aware of Lockdown's
shortcomings. But he continues to pursue its sales without pause
or apology, and makes numerous
sweeping statements about the product's function and efficacy. Paris has
admitted that he is well aware that Lockdown2000 does
not protect shared files from deletion and alteration. He
says he has known this since the product's inception as
Hackerproof98. Yet his marketing claims continue to state
specifically that files cannot be deleted under Lockdown's
protection; in fact he goes so far as to claim that Lockdown's
protection is absolute.

Consumer Fraud

When confronted with a dissatisfied customer, Paris' standard
response seems to be to blame the user, and/or to lead them
through explanations and
configuration changes. Often he will offer participation in a
never-ending beta test, as if he were handing out a rare favor.

I have emails from former users which show a
pattern of abusive and deceptive responses to those customers'
demands for refund. In one apparently typical case, the buyer got
a ridiculous runaround in which Roger LeClerc expressed his grave
concern that the user would obtain a double refund; this
objection was repeated in response to every attempt at rational
dialogue until the exasperated customer gave up trying. In
another, the dissatisfied customer reports that "They
became highly upset that I was reclaiming a refund and reinforced
their policy that disputing was a sin and that the problem was
now between the credit card company and myself. They refused to
further have a meaning(ful) discussion about the subject and hung
up the phone."

Evasion

When his product is critically reviewed, Paris immediately
issues the ever-present beta-test version under a new version
number and declares the review out of date.

History of Net Abuse

Paris' primary business partner in the brief Hackerproof98
venture was Eddie Davidson, a spammer
who is very well-known and particularly
offensive. Eddie was apparently bankrupted by lawsuits
resulting from his illegal net abuse, which may explain his
alleged theft of the Hackerproof98 proceeds.

I find numerous instances where Paris or his associates have engaged in mass
email and UseNet spamming. There was a
spam campaign promoting the porn site digital3dfantasy.com,
which was hosted on the harbortelco server.

Paris was forced to find another provider. Yet he
apparently hasn't learned quite enough from the experience. As of
this date (8/99), Paris maintains an open mail server at
mail.harbortelco.com. This means his mail server is open to
potential abuse by illicit spammers, who might relay mass email
to you because Paris inexplicably hasn't taken the simple
necessary steps to limit access.